Intruno’s New Approach to Information Security Could Be the Vaccine to STOP the Healthcare Data Breach Epidemic

Healthcare facilities are under siege, not from outbreaks of infectious diseases but from cyber criminals who want to access electronic health records (EHR) and other sensitive data.

Patient Data Breaches: As Serious as a Heart Attack

In February 2015, health insurance titan Anthem disclosed that it had fallen victim to what would turn out to be the largest healthcare data breach in history.

Names, birth dates, home addresses, Social Security numbers, employment history, and other sensitive personal information belonging to nearly 80 million current and former members and employees, including Anthem’s own CEO, were compromised.

Although the hackers were never officially identified, Anthem did discover how they accessed the system: using stolen login credentials.

It was revealed that five Anthem IT workers had their credentials compromised, possibly through email phishing. Using a system administrator’s credentials, the attackers were able to run database queries and upload the stolen data to an outside cloud service.

To make matters worse, the attackers were in the systems for many months before being discovered. The unauthorized database queries began on December 10, 2014 – perhaps even earlier – and continued off and on until the end of January 2015, when a system administrator finally noticed that someone else was using his login credentials.

A year later, the fallout from the Anthem breach continues; a class action lawsuit is pending, accusing the company of inadequate cyber security protections.

Cyber security experts point to the Anthem breach as a case study in the importance of monitoring system activity.

For months, no one noticed that the stolen credentials were being used in a highly unusual manner, and if the affected system administrator hadn’t stumbled across the problem, the hackers may have remained in the system even longer and stolen even more data.

Why is Healthcare Being Targeted?

When asked why he robbed banks, Willie Sutton quipped, “because that is where the money is.” Hospitals, clinics, insurance companies and healthcare organizations are the target today for numerous reasons:

The Virtual “Intelligent Eye”: The Vaccine for PHI Data Breaches

Cyber security experts are emphasizing the importance of instilling a culture of security awareness within the healthcare industry, to include more comprehensive and frequent employee training. There must be a shift in mindset from “that’s not my job” to “information security is everyone’s responsibility.” Certainly it is important for healthcare facilities – and all other organizations – to begin taking information security and privacy seriously.

However, procedural changes alone are not sufficient to defend against cyber security attacks from outside criminal hackers; mistakes will always happen, and malicious insiders who purposefully violate privacy & procedures will always exist.

It is not reasonable to expect that a breach attempt will never happen.

Behavior analysis is the process of monitoring and surveilling all user activity within a system, learning normal, authorized usage patterns and day-to-day habits to establish baselines, and then quickly detecting, recognizing and responding to behavior that deviates from the norm – which could indicate a possible breach.
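The baseline-and-deviation idea described above, as an added example (not Intruno's engine and not code from this paper): it learns each credential's usual source hosts, active hours and query volume from constructed audit records, then lists the ways a new event departs from that baseline. The record fields, host names and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed audit records: (credential, hour_of_day, source_host, rows_returned)
HISTORY = [
    ("dba_admin", 9, "ws-014", 120), ("dba_admin", 10, "ws-014", 90),
    ("dba_admin", 14, "ws-014", 150), ("dba_admin", 11, "ws-014", 110),
    ("dba_admin", 15, "ws-014", 100), ("dba_admin", 16, "ws-014", 130),
    ("nurse_07", 8, "ward-3", 12), ("nurse_07", 13, "ward-3", 9),
    ("nurse_07", 17, "ward-3", 15), ("nurse_07", 12, "ward-3", 11),
]

def build_baselines(history):
    """Per credential: known hosts, active hours, median and MAD of rows returned."""
    grouped = defaultdict(list)
    for cred, hour, host, rows in history:
        grouped[cred].append((hour, host, rows))
    baselines = {}
    for cred, events in grouped.items():
        rows = [r for _, _, r in events]
        med = median(rows)
        # Median absolute deviation; fall back to 1.0 so a flat history cannot divide by zero.
        mad = median(abs(r - med) for r in rows) or 1.0
        baselines[cred] = {
            "hosts": {h for _, h, _ in events},
            "hours": {hr for hr, _, _ in events},
            "median": med,
            "mad": mad,
        }
    return baselines

def score_event(baselines, event, threshold=6.0, hour_slack=2):
    """Return the reasons an event deviates from its credential's baseline."""
    cred, hour, host, rows = event
    base = baselines.get(cred)
    if base is None:
        return ["no baseline for credential"]
    reasons = []
    if host not in base["hosts"]:
        reasons.append("new source host")
    # Circular distance on the 24-hour clock to the nearest hour seen before.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in base["hours"])
    if gap > hour_slack:
        reasons.append("unusual hour")
    # Robust z-score: 0.6745 scales the MAD to be comparable to a standard deviation.
    if 0.6745 * (rows - base["median"]) / base["mad"] > threshold:
        reasons.append("volume far above baseline")
    return reasons
```

Median and MAD are used instead of mean and standard deviation so that a single past bulk export does not widen the baseline enough to hide the next one.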

Behavior analysis may have been able to prevent the Anthem attack by recognizing that someone was using legitimate credentials in an unusual manner. However, behavior analysis has proven to be very difficult, quite expensive, and not entirely effective – until now.

ACCS takes advantage of the exponential advances in both artificial intelligence and “deep” machine learning that have occurred in only the past two to five years.

Intruno’s Ambient Cognitive Cyber Surveillance™ platform is based on a patented, real-time user access monitoring machine learning engine which generates a unique, adaptive digital “fingerprint” for every login credential for every user in every application and database that is surveilled.

[Figures: Digital Signature for Normal User Behavior; Digital Signature for Anomalous User Behavior]

This unique (and continuously updated) digital “signature” is based on the normal, authorized user access patterns, habits and behavior that have automatically been processed based on historical and real-time streaming data.

Intruno can quickly compare the digital identity of the individual who is using the login credentials and determine whether the login credentials are being used ‘normally’. Aberrant, anomalous user behavior – indicating a compromised credential or its misuse – is detected in real-time – with far fewer false positives.

Simple, Rapid Deployment – At an Affordable Cost

Despite the advanced Machine Learning (ML) and Artificial Intelligence (AI) algorithms & technology that power Intruno, our deployment and implementation are simple, rapid, highly scalable, and non-disruptive to clinical or IT workflows.

Implementation also has very low resource requirements, which means Intruno provides enterprise-level security at a price performance that fits not only the demands of large, nationally distributed healthcare systems but also the budgets of small and medium-sized organizations.

Intruno’s Ambient Cognitive Cyber Surveillance™ system is the only solution available that offers high performance monitoring for sensitive, critical information systems using:

Real-time user access behavior and pattern profiling that detects not only outside hackers but also “rogue insiders” for a formidable, ‘next-generation’ monitoring layer for added security.

Cogentyx supports and rapidly integrates with over 100 top healthcare applications and database systems, including Epic, GE, Cerner, Allscripts, Athenahealth, and eClinicalWorks – and is able to integrate with any new system without delay.

Cyber security is continuously changing and evolving. As soon as one vulnerability is fixed, hackers find another to exploit, and the cycle continues. This is why it’s so important to have a self-learning solution that never stops learning and evolving and that can instantly identify not only today’s attacks but also tomorrow’s.